WebProcess should use AppSandbox style quarantine
authorap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Nov 2011 23:06:35 +0000 (23:06 +0000)
committerap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Nov 2011 23:06:35 +0000 (23:06 +0000)
        https://bugs.webkit.org/show_bug.cgi?id=72168
        <rdar://problem/10434292>

        Reviewed by Darin Adler.

        * WebProcess/mac/WebProcessMac.mm: (WebKit::initializeSandbox): Just enable it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@100033 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/mac/WebProcessMac.mm
WebKitLibraries/ChangeLog
WebKitLibraries/WebKitSystemInterface.h
WebKitLibraries/libWebKitSystemInterfaceLeopard.a
WebKitLibraries/libWebKitSystemInterfaceLion.a
WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a

index 6b05e6a..2d4ed46 100644 (file)
@@ -1,3 +1,13 @@
+2011-11-11  Alexey Proskuryakov  <ap@apple.com>
+
+        WebProcess should use AppSandbox style quarantine
+        https://bugs.webkit.org/show_bug.cgi?id=72168
+        <rdar://problem/10434292>
+
+        Reviewed by Darin Adler.
+
+        * WebProcess/mac/WebProcessMac.mm: (WebKit::initializeSandbox): Just enable it.
+
 2011-11-11  Darin Adler  <darin@apple.com>
 
         * WebKit2.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
index 12d4221..29db655 100644 (file)
@@ -211,6 +211,13 @@ static void initializeSandbox(const WebProcessCreationParameters& parameters)
 
     for (size_t i = 0; sandboxParameters[i]; i += 2)
         fastFree(const_cast<char*>(sandboxParameters[i + 1]));
+
+    // This will override LSFileQuarantineEnabled from Info.plist unless sandbox quarantine is globally disabled.
+    OSStatus error = WKEnableSandboxStyleFileQuarantine();
+    if (error) {
+        fprintf(stderr, "WebProcess: couldn't enable sandbox style file quarantine: %d\n", error);
+        exit(EX_NOPERM);
+    }
 #endif
 }
 
index f24f6e4..782ccc0 100644 (file)
@@ -1,3 +1,19 @@
+2011-11-11  Alexey Proskuryakov  <ap@apple.com>
+
+        WebProcess should use AppSandbox style quarantine
+        https://bugs.webkit.org/show_bug.cgi?id=72168
+        <rdar://problem/10434292>
+
+        Reviewed by Darin Adler.
+
+        * WebKitSystemInterface.h:
+        * libWebKitSystemInterfaceLion.a:
+        Added WKEnableSandboxStyleFileQuarantine().
+
+        * libWebKitSystemInterfaceLeopard.a:
+        * libWebKitSystemInterfaceSnowLeopard.a:
+        Not sure why these also changed, but updating to match most recent build.
+
 2011-11-02  Dean Jackson  <dino@apple.com>
 
         Add ENABLE_CSS_SHADERS flag
index 304c55e..e8fed68 100644 (file)
@@ -429,6 +429,8 @@ bool WKSandboxExtensionInvalidate(WKSandboxExtensionRef sandboxExtension);
 const char* WKSandboxExtensionGetSerializedFormat(WKSandboxExtensionRef sandboxExtension, size_t* length);
 WKSandboxExtensionRef WKSandboxExtensionCreateFromSerializedFormat(const char* serializationFormat, size_t length);
 
+OSStatus WKEnableSandboxStyleFileQuarantine(void);
+
 int WKRecommendedScrollerStyle(void);
 
 bool WKExecutableWasLinkedOnOrBeforeSnowLeopard(void);
index b3079da..8fabbd2 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceLeopard.a and b/WebKitLibraries/libWebKitSystemInterfaceLeopard.a differ
index e73432c..714d05b 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceLion.a and b/WebKitLibraries/libWebKitSystemInterfaceLion.a differ
index f46dd97..f289971 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a and b/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a differ